AMENDMENT IN THE CLAIMS

[Fax stamp: CENTRAL FAX CENTER, 2006]

The following includes the entire set of pending claims including markups. 
Please amend Claims 1, 5, 25, 32, 38, and 44. 
Please cancel Claims 4 and 10-11. 



1. (currently amended) A user data processor for providing access to a rights controlled
data object, the user data processor comprising:

a processing device;

a communications device connected to the processing device and configured to receive
an encrypted secure package containing a portion of the rights controlled data object and
having at least three secure layers requiring decryption;

a user program running on the processing device, the user program configured to
control access to the rights controlled data object;

a user program security module configured to at least partially decrypt a first secure
layer of the secure package using a user program key associated with the user program;

a user key device associated with a user, the user key device detachably connected to
the processing device, accessible by the user program, and configured to restrict the use of the
data object to the user using a user key for decrypting a second secure layer of the secure
package; and

a machine key device connected to and associated with the processing device and
accessible by the user program, the machine key device configured to restrict the use of the
data object to the user data processor using a machine key for decrypting a third secure layer
of the secure package.



2. (original) The user data processor of claim 1, wherein the user program is configured
to communicate with the machine key device to authenticate the identity of the processing
device using the machine key.

3. (original) The user data processor of claim 2, wherein the processing device is 
configured to provide rights controlled access to digital video. 



4. (canceled)

5. (currently amended) The user data processor of claim [[4]] 1, wherein the user
program is configured to communicate with the machine key device to authenticate the
identity of the processing device using the machine key.

6. (original) The user data processor of claim 5, wherein the machine key is an
asymmetric machine key pair comprising a public machine key and a private machine key.

7. (original) The user data processor of claim 6, wherein the machine key device is
configured to generate the asymmetric machine key pair.



8. (canceled) 



9. (previously presented) The user data processor of claim 1, wherein the user program
is configured to communicate with the machine key device to authenticate the identity of the
processing device using the machine key, and wherein the user program is configured to
communicate with the user key device to authenticate the identity of the user using the user
key.



10. (canceled)

11. (canceled)

12. (previously presented) The user data processor of claim 1, further comprising:

a second security module configured to at least partially decrypt the secure package 
using a second key; and 

a third security module configured to at least partially decrypt the secure package 
using a third key. 

13. (original) The user data processor of claim 12, wherein the second security module is
configured to communicate with the user key device to authenticate the identity of the
processing device using the user key, and wherein the third security module is configured to
communicate with the machine key device to authenticate the identity of the processing
device using the machine key.

14. (original) The user data processor of claim 12, wherein the second key is a portion of
the user key, wherein the second security module is configured to obtain the second key from
the user key device, wherein the third key is a portion of the machine key, and wherein the
third security module is configured to obtain the third key from the machine key device.

15. (original) The user data processor of claim 14, wherein the second security module
and the third security module are parts of the user program.

16. (original) The user data processor of claim 1, further comprising a third security
module configured to at least partially decrypt the secure package using a third key.

17. (original) The user data processor of claim 16, wherein the third security module is
configured to communicate with the machine key device to authenticate the identity of the
processing device using the machine key.

18. (previously presented) The user data processor of claim 17, wherein the third key is 
the media access controller (MAC) address of the user data processor. 

19. (original) The user data processor of claim 16, wherein the third key is a portion of
the machine key, and wherein the third security module is configured to obtain the third key
from the machine key device.

20. (original) The user data processor of claim 19, wherein the third security module is a
part of the user program.

21. (original) The user data processor of claim 1, wherein the user program is
implemented in hardware.

22. (original) The user data processor of claim 1, wherein the user program security
module is part of the user program.

23. (original) The user data processor of claim 1, wherein the processing device is a
general purpose computer.

24. (original) The user data processor of claim 1, wherein the processing device and the 
machine key device are contained in a single integrated circuit. 

25. (currently amended) A method of restricting the use of a data object, the method 
comprising: 

(A) associating a user program key with a user program configured to run on a user 
data processor; 

(B) determining whether the use of the data object is to be restricted to a particular 
user data processor; 

(C) associating a machine key device with the particular user data processor, wherein 
the machine key device is accessible by the user program, and wherein the machine key 
device maintains a portion of a machine key; 

(D) encrypting the data object such that decryption of a first secure layer and a second
secure layer of the encrypted data object requires the user program key and the machine key,
respectively;

(E) determining whether the use of the data object is to be restricted to a particular
user;



(F) associating a user key device with the particular user, wherein the user key device 
is accessible by the user program, and wherein the user key device maintains a portion of a 
user key; and 

(G) encrypting the data object such that decryption of a third secure layer of the 
encrypted data object [[also]] requires the user key. 



26. (previously presented) The method of claim 25, further comprising: 

(H) providing control elements for controlling the use of the data object through the 
user program; 

(I) transmitting the encrypted data object to the user data processor; and 
(J) transmitting the control elements to the user data processor. 

27. (previously presented) The method of claim 26, further comprising:

(K) digitally signing the control elements such that the control elements can be
authenticated; and 

(L) transmitting the digital signature of the control elements to the user data processor. 

28. (original) The method of claim 27, wherein the machine key is an asymmetric 
machine key pair comprising a public machine key and a private machine key. 

29. (original) The method of claim 25, wherein (D) comprises:

encrypting the data object with a session key, and 

encrypting the session key such that decryption requires the user program key and the 
machine key. 



30. (canceled) 

31. (previously presented) The method of claim 25, wherein the user key is an
asymmetric user key pair comprising a public user key and a private user key.

32. (currently amended) A method of restricting the use of a rights controlled data object,
the method comprising: 

(A) associating a user program key with a user program configured to run on a user 
data processor; 

(B) encrypting the data object such that decryption of a first secure layer of the
encrypted data object requires the user program key;

(C) determining whether the use of the data object is to be restricted to a particular
user data processor;

(D) associating a machine key device with the particular user data processor, wherein
the machine key device is accessible by the user program, and wherein the machine key
device maintains a portion of a machine key for decrypting a second secure layer of the
encrypted data object;

(E) creating a machine control element configured to cause the user program to restrict
use of the data object to the particular user data processor by authenticating the particular user
data processor based upon at least the machine key and by at least communicating with the
machine key device;

(F) transmitting the encrypted data object and the machine control element to the user
data processor;

(G) including the machine control element in a set of control elements configured to 
cause the user program to control access to the data object; 

(H) signing the set of control elements, wherein (F) comprises transmitting the signed 
set of control elements; 

(I) determining whether the use of the data object is to be restricted to a particular
user;

(J) associating a user key device with the particular user, wherein the user key device
is accessible by the user program, and wherein the user key device maintains a portion of a
user key for decrypting a third secure layer of the encrypted data object;

(K) creating a user control element configured to cause the user program to restrict use 
of the data object to the particular user by authenticating the particular user based upon at 
least the user key and by at least communicating with the user key device; and 

(L) including the user control element in the set of control elements. 

33. (canceled) 

34. (canceled) 

35. (previously presented) The method of claim 32, wherein the machine key is an 
asymmetric machine key pair comprising a public machine key and a private machine key. 

36. (original) The method of claim 35, wherein (E) comprises including in the machine 
control element a digital certificate comprising the public machine key. 

37. (previously presented) The method of claim 32, further comprising (M) encrypting
the data object such that decryption also requires the machine key. 

38. (currently amended) A method of restricting the use of a data object, the method 
comprising: 

(A) associating a user program key with a user program configured to run on a user 
data processor; 

(B) determining whether the use of the data object is to be restricted to a particular
user data processor;

(C) associating a machine key with the particular user data processor; 

(D) encrypting the data object such that decryption requires the user program key and 
the machine key; 

(E) transferring the encrypted data object to the user data processor; 

(F) determining whether the data object has been encrypted such that decryption 
requires the machine key; 

(G) decrypting a first secure layer and a second secure layer of the data object using
the user program key and the machine key, respectively;

(H) determining whether the use of the data object is to be restricted to a particular
user;

(I) associating a user key with the particular user; 

(J) encrypting the data object such that decryption also requires the user key; 
(K) determining whether the data object has been encrypted such that decryption 
requires the user key; and 

(L) decrypting a third secure layer of the data object using the user key. 



39. (canceled) 

40. (original) The method of claim 38,
wherein (D) comprises:

encrypting the data object with a symmetric session key, and 

encrypting the symmetric session key such that decryption requires the user 
program key and the machine key, and 
wherein (G) comprises: 

decrypting the symmetric session key with the user program key and the 
machine key, and 

decrypting the data object using the decrypted symmetric session key. 

41. (original) The method of claim 40, wherein the user program key is an asymmetric
user program key pair comprising a public user program key and a private user program key.

42. (original) The method of claim 40, wherein the user program key is a symmetric key.

43. (original) The method of claim 40, wherein the machine key is an asymmetric
machine key pair comprising a public machine key and a private machine key.

44. (currently amended) A secure data package for controlling the use of a data object, 
the package comprising a controlled portion of the data object, the controlled portion 
encrypted such that decryption of a first secure layer and a second secure layer of the 
encrypted data object requires both a user program key and a machine key, respectively, 
wherein a portion of the user program key is maintained by and associated with a user 
program configured to run on a user data processor to provide controlled access to the data 
object, wherein the user data processor has a permanently attached machine key device 
configured to maintain the machine key, and wherein the controlled portion comprises an 
essential portion of the data object, wherein the controlled portion is additionally encrypted
such that decryption of a third secure layer of the encrypted data object requires a user key,
wherein the user key is maintained by a user key device associated with a particular user and
detachably connected to the processing device.



45. (canceled) 






46. (previously presented) The user data processor of claim 1, wherein the user key
device provides encryption and decryption functionality for the user.

47. (previously presented) The user data processor of claim 1, wherein the machine key
device provides encryption and decryption functionality for the user data processor.

48. (previously presented) The user data processor of claim 1, wherein the user key is
used for decryption.
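
The session-key arrangement recited in claims 38 and 40, sketched as an added illustration that is not part of the filing: the data object is encrypted under a symmetric session key, and that key is wrapped so that recovering it requires the user program key, the machine key and the user key in turn. The nesting order, the layer labels, the 32-byte keys, wrapping the session key under all three keys, and the HMAC-SHA256 counter-mode construction (a standard-library stand-in for a vetted cipher) are assumptions; the claims name no algorithm.

```python
import hashlib, hmac, os

LAYERS = (b"user-program", b"machine", b"user")  # assumed order the layers come off

def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode: stdlib stand-in for a vetted cipher (assumption).
    stream = b"".join(_prf(key, nonce + i.to_bytes(8, "big"))
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, label: bytes, plaintext: bytes) -> bytes:
    """Add one secure layer: encrypt-then-MAC under subkeys derived from key."""
    nonce = os.urandom(16)
    ct = _xor_stream(_prf(key, b"enc|" + label), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac|" + label), nonce + ct)

def open_layer(key: bytes, label: bytes, blob: bytes) -> bytes:
    """Remove one layer; raise if the key is wrong or the blob was altered."""
    if len(blob) < 48:
        raise ValueError("truncated layer")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac|" + label), nonce + ct)):
        raise ValueError(f"layer {label.decode()}: wrong key or modified package")
    return _xor_stream(_prf(key, b"enc|" + label), nonce, ct)

def package(data: bytes, keys: dict) -> tuple:
    """Encrypt data under a fresh session key, then wrap that key in three layers."""
    session = os.urandom(32)
    wrapped = session
    for label in reversed(LAYERS):        # innermost layer (user key) goes on first
        wrapped = seal(keys[label], label, wrapped)
    return wrapped, seal(session, b"object", data)

def unpack(wrapped: bytes, body: bytes, keys: dict) -> bytes:
    """Peel the program, machine and user layers in turn, then decrypt the object."""
    for label in LAYERS:
        wrapped = open_layer(keys[label], label, wrapped)
    return open_layer(wrapped, b"object", body)

if __name__ == "__main__":
    keys = {label: os.urandom(32) for label in LAYERS}  # constructed sample keys
    wrapped, body = package(b"constructed sample object", keys)
    print(unpack(wrapped, body, keys))
```

Because each layer is authenticated, a package moved to a different machine or opened without the user's key device fails at the corresponding layer rather than yielding garbage plaintext.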